Share this:

Like this:

Related

16 Responses

Ironically your google Ads served up a WoW gold for cash site ad in reply to this post. The fact that those ads crop up is the primary reason I’m not a fan of google adwords/adsense/etc. on the blogs. :(

A note about the phone authenticator: it’s free. If you have a phone for which there is an authenticator app, there is no excuse – NONE – for not having an authenticator on your account. And your mates may have reason to thank you for getting it.

Also, for peeps that are dropping out for a while, I strongly recommend letting the GM know and getting them to demote you to the lowest level possible. That way, if you do get hacked, the perp won’t have much in the way of access. It’s a small victory, but a victory nonetheless.

@Gnome – well, as I understand it, creating new guild ranks is a problematic process, very ungainly and quite painful for the GM. But most guilds have an initiate or similar level, and that will work as well.

@Jong – I’ll work at keeping it Jong-friendly in Casa de Grimmtooth :)

I can say from personal experience that the hackers are not just exploiting with links and malware. They are also using brute force.

Back in January I decided to leave the game for good (or so I thought). I had never had any issues in the 3 years of playing the game before. I had an authenticator on my phone and I figured I would remove the authenticator in case I had to wipe my phone (since the Android phone I had then had a habit of wiping everything when you updated). Before the phone I had the physical authenticator. I took the phone authenticator off my account and never put the physical one on because I figured I’d never be back and I didn’t think I’d have a problem.

About a month later a guild member I friended on facebook wondered if I had gone back to the game because I was always on but never responded to anyone.

yeah…..

Turns out they brute forced into my WoW account, because I only use Linux and play WoW through WINE on Linux. I know I had no malware or keyloggers on any of my systems.

My main had all emblem gear and wasn’t touched except for everything in my bank (half of the mats for the Chopper and a bunch of other stuff) along with all my gold. My Death Knight was naked, and my alt Rogue lost everything except for BoA shoulders and daggers.

I put the physical authenticator back on. Now that I have returned to the game, my main hunter is slowly rebuilding gold and Chopper mats. I deleted my DK and Rogue and am starting a new DK and a Mage.

I think the authenticator should be required to play. Especially with the merge to Battle.NET and the requirement of email address for the account. Stupidest move on Blizzard’s part.

The real solution to this is simple: Blizzard needs to start selling gold. It’s obviously something that some people want, and the steps Blizz has made to try to prevent this has just not been working clearly.

I agree completely, as some people dont like the thought of blizzard ” Selling out ” so to speak, I personally dont like getting hacked more. I had all three 80’s and all alts deleted cuz my wife threw a racial slur at the farmers stealing my gold. They Told her while she was on her account “give me 10k or i delete. 10K or I delete” She threw her own piece of fiesty woman mind at them and my toons where gone. Blizzard can make that stop as easy as selling gold themselves. they obviously cant stop the farmers.

@Gnome – the funny thing is this – if you leave the authenticator on, and your battery dies, then you still won’t get hacked. And the phone call to support goes a lot more smoothly than the ‘omg i’ve been haxxored’ call.

@Gnome – I also see gold ads in gmail when I get notifictions from your blog RE new comments on a conversation I am following. The funny thing is that I do not see any ads at all when looking at this post directly, or at the main page, so I’m puzzled.

@Slayer – using an obscure(1) OS is no guarantee against a multitude of security holes. Javascript doesn’t care about platform, nor do redirects, cross-site scripting attacks, and so forth. I’ve been working in a project that has interests in this area, and the last year has been enlightening. I’m considering giving up hyperlinks altogether!

=====
(1) In the “security by obscurity” sense, not the “I just dissed your OS” sense, since it obviously matters in your case :)